<?
	session_start();
	require("includes/connect.inc.php");
	$currUrl = 'http://' . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
	$readerUrl = "$currUrl/reader.php";
	$providerUrl = "$currUrl/provider.php";
	$adminUrl = "$currUrl/admin.php";
	$publisherUrl = "$currUrl/publisher.php";

	
	$sql = "SELECT * FROM reader WHERE username='".$_POST['username']."' AND password='".sha1($_POST['password'])."'";
	$query = $db->sql_query($sql);
	if($db->sql_numrows($query) == 1){
		$_SESSION['auth'] = true;
		$_SESSION['rule'] = "READER";
		$_SESSION['userdata'] = $db->sql_fetchrow($query);
		header("location:$readerUrl");
		exit;
	}
	
	$sql = "SELECT * FROM publisher WHERE username='".$_POST['username']."' AND password='".sha1($_POST['password'])."'";
	$query = $db->sql_query($sql);
	if($db->sql_numrows($query) == 1){
		$_SESSION['auth'] = true;
		$_SESSION['rule'] = "PUBLISHER";
		$_SESSION['userdata'] = $db->sql_fetchrow($query);
		header("location:$publisherUrl");
		exit;
	}
	
	$sql = "SELECT * FROM provider WHERE username='".$_POST['username']."' AND password='".sha1($_POST['password'])."'";
	$query = $db->sql_query($sql);
	if($db->sql_numrows($query) == 1){
		$_SESSION['auth'] = true;
		$_SESSION['rule'] = "PROVIDER";
		$_SESSION['userdata'] = $db->sql_fetchrow($query);
		header("location:$providerUrl");
		exit;
	}
	
	$sql = "SELECT * FROM admin WHERE username='".$_POST['username']."' AND password='".sha1($_POST['password'])."'";
	$query = $db->sql_query($sql);
	if($db->sql_numrows($query) == 1){
		$_SESSION['auth'] = true;
		$_SESSION['rule'] = "ADMIN";
		$_SESSION['userdata'] = $db->sql_fetchrow($query);
		header("location:$adminUrl");
		exit;
	}
	
	$_SESSION['auth'] = false;
	$_SESSION['rule'] = "";
	$_SESSION['userdata'] = "";
	echo 'Wrong Password';
?>